nixos/applications/ldap/backend.nix

414 lines
8.5 KiB
Nix
Raw Normal View History

{ config, pkgs, lib, inputs, ... }:
with lib;
let
cfg = config.services.ldap_backend;
port_backend = "8087";
in {
imports = [
../acme.nix
../dns.nix
../nginx.nix
inputs.skynet_ldap_backend.nixosModule."x86_64-linux"
];
options.services.ldap_backend = {
enable = mkEnableOption "Skynet LDAP backend server";
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
domain = {
tld = mkOption {
type = types.str;
default = "ie";
};
base = mkOption {
type = types.str;
default = "skynet";
};
sub = mkOption {
type = types.str;
default = "api.account";
};
};
};
config = mkIf cfg.enable {
#backups = [ "/etc/silver_ul_ical/database.db" ];
age.secrets.ldap_details.file = ../../secrets/ldap/details.age;
age.secrets.ldap_discord.file = ../../secrets/discord/ldap.age;
age.secrets.ldap_mail.file = ../../secrets/email/details.age;
skynet_acme.domains = [
"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
];
skynet_dns.records = [
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
];
services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".proxyPass = "http://localhost:${port_backend}";
2023-07-27 23:05:11 +00:00
2023-08-29 15:22:07 +00:00
# extraConfig = ''
# add_header Access-Control-Allow-Origin "https://account.${cfg.domain.base}.${cfg.domain.tld}";
# '';
2023-07-27 23:05:11 +00:00
extraConfig = ''
2023-08-29 15:02:34 +00:00
add_header Access-Control-Allow-Origin "*";
2023-07-27 23:05:11 +00:00
'';
};
services.skynet_ldap_backend = {
enable = true;
# contains teh password in env form
env = {
ldap = config.age.secrets.ldap_details.path;
discord = config.age.secrets.ldap_discord.path;
mail = config.age.secrets.ldap_mail.path;
};
host_port = "127.0.0.1:${port_backend}";
users = {
admin = [
"silver"
"evanc"
"eoghanconlon73"
];
committee = [
2023-07-30 02:13:49 +00:00
"grym"
"dawidk5"
"leo"
"silver"
"eoghanconlon73"
];
lifetime = [];
banned = [];
restricted = [
# usernames folks arent allowed to use
"contact"
"dnsadm"
"president"
"treasurer"
"secretary"
"pro"
"sysadmin"
"root"
] ++ [
# basis comes from https://discord.com/channels/689189992417067052/1126084496710713414/1149072061466169444
# start off with compsoc stuff first
"competition_www"
"demo1"
"demouser"
"ftp"
"lost+found"
"postfix"
"skynews.old"
"system_backup"
"test"
"test12"
"test20202"
"test20203"
"tmp"
"webadm"
] ++ [
# clubs and socs (as far as I can tell
"aerosoc"
"aikido"
"anfocal"
"bics"
"boarding"
"cns"
"dev"
"filmsoc"
"gaa"
"german"
"golfsoc"
"handball"
"hispanic"
"history"
"hockey"
"home"
"legosoc"
"lifesave"
"mens_gfc"
"musicsoc"
"pagansoc"
"peacesoc"
"physics"
"poker"
"prolife"
"radio"
"ragweek"
"sinnfein"
"soccer"
"ulbs"
"ulcamogie"
"ulcc"
"ulgaa"
"ulils"
"ulladiesfootball"
"ullaughinsoc"
"ulrfc"
"ulriders"
"ulssc"
"ultennis"
"viking"
] ++ [
# remaining, most likely usernames
"_9thwonder"
"abc"
"activate"
"aiesec"
"air"
"aladdin"
"alaric"
"aldozzie"
"allenli"
"amg"
"amgl"
"annette"
"annlad"
"ards_backup"
"arisquez"
"arthur"
"austin"
"beta"
"bh"
"bigdave"
"bios"
"bizarroal"
"bmacaree"
"boardy"
"boddah"
"bogus.anime.fakh"
"bogus.bhudt.dacf"
"bogus.citoge.baym"
"bogus.electro.ba0a"
"bogus.fencing.baw5"
"bogus.harry.ba8f"
"bogus.hui.hong.baci"
"bogus.ironman.baqib"
"bogus.joe.bach"
"bogus.kenny.bas6"
"bogus.kerswin.baybb"
"bogus.kravmaga.ba0w"
"bogus.methi.baq5"
"bogus.nelsonmw.bauc"
"bogus.poshea.ba0m"
"bogus.redwolf.bawn"
"bogus.romanov.baat"
"bogus.ryan.bae-"
"bogus.rynnea.bask"
"bogus.sea.af"
"bogus.shane.c.ba8z"
"bogus.t1000.baggb"
"bogus.ullrugby.ba8p"
"brendan"
"bubba"
"c_material_removed"
"ca_worm"
"cactus"
"carticus"
"cathalc"
"cathald-broken"
"cdschedule"
"celtic"
"christine"
"cian"
"ciara"
"ciaran"
"colin"
"cosmo"
"counsel"
"creosote"
"crew"
"cues"
"cur"
"cwhelan"
"dac"
"daktulu"
"datacore"
"davec"
"daverus"
"deano"
"deccy"
"declanmu"
"deiji"
"dermotmc"
"derrick"
"deshocks"
"diarmuid"
"dippy"
"djraptor"
"dmackey"
"dmir"
"dom"
"dom_mckay"
"donie"
"donnacha"
"dos30"
"drazhar"
"duffman"
"eas"
"electal"
"emc"
"emilia"
"emma"
"emmag"
"ents"
"envcom"
"eoinh95"
"epgriffin"
"equest"
"fiacc"
"fint"
"flanno"
"fmannix"
"foodcoop"
"gamenet"
"ganainm"
"gar"
"ger88"
"ghama"
"ging"
"goborobo"
"gooner"
"greekweek"
"hawking"
"hb"
"homer"
"hoshi"
"ian"
"ianrice"
"ilug"
"infinity"
"ingenuus"
"internat"
"jamessy"
"jamiebarry"
"jbravo"
"jdonegan"
"joedredd"
"johann"
"jokill"
"jsoccer"
"jules"
"kate"
"katie"
"kellyj"
"kiely"
"koo"
"l_d_ablo"
"lakes"
"laura"
"lebowski"
"liabraid"
"lynn"
"mal"
"manuel"
"maraz"
"marieke"
"marky"
"mature"
"mbyrne"
"meanturtle"
"mickaful"
"mickasul"
"mikado"
"mikeh"
"mikkel"
"mixiezme"
"mmc"
"molly"
"moochie"
"moonser"
"mopic"
"mp"
"nastros"
"neutrino"
"new"
"nezzy"
"nkdc"
"nmcenroy"
"noelle"
"nugget"
"ob"
"omega"
"oneillbeano"
"pamela"
"peterj"
"photyl"
"plake"
"pmcg1986"
"pyro"
"qubeat"
"rachel"
"rachelg"
"ralmeida"
"raymond"
"razzlero"
"red"
"rmacm"
"rmorrissey"
"robson"
"selena"
"shark"
"shayscannell"
"shazlove"
"shelley"
"shelly"
"silver.old"
"sirhc"
"sithlord"
"sk"
"sligoer"
"slowey"
"smallp"
"smurfy"
"sordfish"
"soul98"
"soular"
"st"
"stefanovich"
"svp"
"szczerba"
"tangsoodo"
"tc"
"tenfor"
"teslacut"
"theematt"
"thomasl"
"tockman"
"ugm"
"vanzan"
"volleyb"
"warren"
"weather"
"wiles"
"yvonne"
"zrahman"
];
};
};
};
}